Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Virus Denying Internet Access (Certificate issue?)


Re: Virus Denying Internet Access (Certificate issue?)

Post by JustTheEngineer » January 13th, 2017, 6:27 pm

C.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
Ran by Primitive (administrator) on RANY (13-01-2017 17:24:47)
Running from C:\Users\Primitive\Downloads
Loaded Profiles: Primitive (Available Profiles: Primitive)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hi-Rez Studios) G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes) G:\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IvoSoft) G:\Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
(Malwarebytes) G:\Anti-Malware\mbamtray.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Rainmeter) G:\Rainmeter\Rainmeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => G:\Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [rainey] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => G:\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [uplifting] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Steam] => G:\Steam\steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Discord] => C:\Users\Primitive\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [TQOS_REPORT] => g:\new folder (2)\monster hunter online\bin\client\tools\tqos_reporter.exe
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Spotify] => C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-21] (Spotify Ltd)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weyman] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weymanweyman] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiac] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiaccardiac] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [maternal] => "C:\Program Files (x86)\operant\maternal.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [pacifying] => "C:\Program Files (x86)\neuharth\pacifying.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [mcnab] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [deleon] => "C:\Program Files (x86)\acidosis\popularity.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [accusation] => "C:\Program Files (x86)\operant\hoosiers.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [hits] => "C:\Program Files (x86)\Ralph\demurrage.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\havilland.lnk [2017-01-09]
ShortcutTarget: havilland.lnk -> C:\Program Files (x86)\acidosis\popularity.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\orgasmic.lnk [2017-01-09]
ShortcutTarget: orgasmic.lnk -> C:\Program Files (x86)\Hits\omagh.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-10-09]
ShortcutTarget: Rainmeter.lnk -> G:\Rainmeter\Rainmeter.exe (Rainmeter)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7eb64d0a-f41c-4682-a71c-66653c8069d9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{83fe7494-0511-4654-8018-3bf915ca7f93}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a7427483-624e-4d4c-9009-612f371d9f4c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c88be9c3-cd57-11e5-a678-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [DhcpNameServer] 192.168.29.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-233390903-2661952563-451428824-1001 -> {BDDDE980-C83F-4A8C-84E1-4F78EEF45929} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-03] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-03] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-03] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-03] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-87cbcdfb13a344d3\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-87cbcdfb13a344d3\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin64 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)

Chrome:
=======
CHR Profile: C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default [2017-01-13]
CHR Extension: (Google Slides) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-07]
CHR Extension: (Google Docs) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-07]
CHR Extension: (Google Drive) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-07]
CHR Extension: (YouTube) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-07]
CHR Extension: (Google Search) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-07]
CHR Extension: (Google Sheets) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-07]
CHR Extension: (Google Docs Offline) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-10]
CHR Extension: (ROBLOX+) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2017-01-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1452040 2016-10-15] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-03-11] (EasyAntiCheat Ltd)
U2 HiPatchService; G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMService; G:\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-12] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2016-09-24] (Echobit, LLC)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2017-01-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-13] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2196480 2015-10-30] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
S3 TesMon; C:\WINDOWS\system32\TesMon.sys [71976 2016-09-17] (Tencent)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [1135288 2016-09-17] (TENCENT)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 17:18 - 2017-01-12 18:15 - 03988944 _____ C:\Users\Primitive\Desktop\adwcleaner_6.042 - Copy.exe
2017-01-12 18:15 - 2017-01-13 17:21 - 00000000 ____D C:\AdwCleaner
2017-01-12 18:15 - 2017-01-12 18:15 - 03988944 _____ C:\Users\Primitive\Desktop\adwcleaner_6.042.exe
2017-01-12 17:08 - 2017-01-12 17:09 - 00017084 _____ C:\Users\Primitive\Desktop\Fixlog.txt
2017-01-12 17:07 - 2017-01-12 17:07 - 00000000 ____D C:\Users\Primitive\Downloads\FRST-OlderVersion
2017-01-12 17:05 - 2017-01-12 17:05 - 00004739 _____ C:\Users\Primitive\Desktop\fixlist.txt
2017-01-12 17:04 - 2017-01-13 17:24 - 00001022 _____ C:\Users\Primitive\Desktop\FRST64.exe - Shortcut.lnk
2017-01-11 19:14 - 2017-01-11 19:14 - 00000127 _____ C:\Users\Primitive\Desktop\ckfiles.txt
2017-01-11 19:02 - 2017-01-11 19:02 - 00468480 _____ () C:\Users\Primitive\Desktop\CKScanner.exe
2017-01-11 19:02 - 2017-01-11 19:02 - 00000741 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-01-11 19:02 - 2017-01-11 19:02 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-RANY-Windows-10-Home-(64-bit).dat
2017-01-11 19:02 - 2017-01-11 19:02 - 00000000 ____D C:\RegBackup
2017-01-11 19:02 - 2017-01-11 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-01-11 19:01 - 2017-01-11 19:02 - 00013886 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-01-11 19:01 - 2017-01-11 19:01 - 05766144 _____ (Tweaking.com) C:\Users\Primitive\Downloads\tweaking.com_registry_backup_setup.exe
2017-01-11 18:44 - 2017-01-11 18:44 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-10 21:38 - 2017-01-13 17:24 - 00071712 _____ C:\Users\Primitive\Downloads\Addition.txt
2017-01-10 21:38 - 2017-01-13 17:24 - 00020733 _____ C:\Users\Primitive\Downloads\FRST.txt
2017-01-10 21:38 - 2017-01-13 17:24 - 00000000 ____D C:\FRST
2017-01-10 21:38 - 2017-01-12 17:07 - 02419200 _____ (Farbar) C:\Users\Primitive\Downloads\FRST64.exe
2017-01-10 21:12 - 2017-01-10 21:12 - 00000969 _____ C:\Users\Primitive\Downloads\DigiCertHighAssuranceEVRootCA.crt
2017-01-10 20:47 - 2017-01-10 20:47 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-10 20:34 - 2017-01-10 21:03 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-10 20:32 - 2017-01-10 20:33 - 231192896 _____ (AVAST Software) C:\Users\Primitive\Downloads\avast_free_antivirus_setup_offline.exe
2017-01-10 19:32 - 2017-01-10 19:37 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-10 19:32 - 2017-01-10 19:37 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-10 19:32 - 2017-01-10 19:32 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-10 19:31 - 2016-03-04 11:55 - 00987728 _____ (Google Inc.) C:\Users\Primitive\Desktop\ChromeSetup.exe
2017-01-10 19:21 - 2017-01-10 19:21 - 00001442 _____ C:\Users\Primitive\Desktop\Microsoft Edge - Shortcut.lnk
2017-01-10 19:12 - 2016-12-21 04:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 19:12 - 2016-12-21 04:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-10 19:12 - 2016-12-21 03:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-10 19:12 - 2016-12-21 02:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-10 19:12 - 2016-12-21 01:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-01-10 19:12 - 2016-12-21 00:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-10 19:12 - 2016-12-21 00:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 19:12 - 2016-12-21 00:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 19:12 - 2016-12-21 00:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-10 19:12 - 2016-12-21 00:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 19:12 - 2016-12-20 23:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 06:10 - 2017-01-10 06:10 - 00288256 ____H C:\WINDOWS\system32\BIT8DED.tmp
2017-01-10 06:10 - 2017-01-10 06:10 - 00288256 ____H C:\WINDOWS\system32\BIT6FB5.tmp
2017-01-10 01:32 - 2017-01-10 01:32 - 00006952 _____ C:\TDSSKiller.3.1.0.12_10.01.2017_01.32.06_log.txt
2017-01-10 01:31 - 2017-01-10 01:31 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-01-10 01:29 - 2017-01-10 01:31 - 00086176 _____ C:\TDSSKiller.3.1.0.12_10.01.2017_01.29.53_log.txt
2017-01-10 01:29 - 2017-01-10 01:29 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Primitive\Desktop\tdsskiller.exe
2017-01-10 01:14 - 2017-01-12 17:05 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AAA7E8BD-894E-42B0-A4E4-C7C98A5F38BF}
2017-01-10 01:10 - 2017-01-10 01:10 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-01-10 01:01 - 2017-01-10 21:05 - 00000649 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-10 01:01 - 2017-01-10 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-10 01:01 - 2017-01-10 01:00 - 54199488 _____ (Malwarebytes ) C:\Users\Primitive\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2017-01-10 01:01 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-10 00:57 - 2017-01-10 00:57 - 00000000 ____D C:\Users\Primitive\Desktop\mbam-chameleon-3.1.33.0
2017-01-10 00:18 - 2017-01-10 00:19 - 06705178 _____ C:\Users\Primitive\Downloads\mbam-chameleon-3.1.33.0.zip
2017-01-10 00:02 - 2017-01-10 00:02 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Mozilla
2017-01-09 23:49 - 2017-01-09 23:49 - 00000046 _____ C:\WINDOWS\wininit.ini
2017-01-09 23:46 - 2017-01-10 01:31 - 00000000 ____D C:\Program Files\4W0W2ATTVO
2017-01-09 22:06 - 2017-01-10 20:57 - 02352668 _____ C:\WINDOWS\ntbtlog.txt
2017-01-09 22:06 - 2017-01-10 20:57 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-09 21:59 - 2017-01-10 01:31 - 00000000 ____D C:\Program Files\WULGW5D5I7
2017-01-09 21:54 - 2017-01-10 01:07 - 00000000 ____D C:\Program Files\COMODO
2017-01-09 21:54 - 2017-01-09 21:54 - 00000001 _____ C:\Users\Primitive\AppData\Local\setupsuccessful.txt
2017-01-09 21:54 - 2017-01-09 21:54 - 00000000 ____D C:\ProgramData\COMODO
2017-01-09 21:53 - 2017-01-10 01:31 - 00000000 ____D C:\Program Files\2A2LPM4EMV
2017-01-09 21:53 - 2017-01-09 21:53 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-01-09 21:53 - 2017-01-09 21:53 - 00000000 ____D C:\Users\Primitive\AppData\Local\node-webkit
2017-01-09 21:52 - 2017-01-10 01:31 - 00000000 ___HD C:\Program Files (x86)\neuharth
2017-01-09 21:52 - 2017-01-10 01:31 - 00000000 ___HD C:\Program Files (x86)\Defects
2017-01-09 21:52 - 2017-01-10 01:31 - 00000000 ____D C:\Program Files\IC2V2WYVYK
2017-01-09 21:52 - 2017-01-10 01:31 - 00000000 ____D C:\Program Files (x86)\operant
2017-01-09 21:52 - 2017-01-10 01:16 - 00000000 ___HD C:\Program Files (x86)\Hits
2017-01-09 21:52 - 2017-01-10 01:14 - 00000000 ____D C:\Program Files (x86)\lafite
2017-01-09 21:52 - 2017-01-10 01:08 - 00000000 ____D C:\Program Files (x86)\Ralph
2017-01-09 21:52 - 2017-01-10 01:08 - 00000000 ____D C:\Program Files (x86)\acidosis
2017-01-09 21:52 - 2017-01-10 01:07 - 00000000 ____D C:\Program Files (x86)\institutionalizing
2017-01-09 21:52 - 2017-01-09 23:53 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-09 21:52 - 2017-01-09 21:54 - 00000000 ____D C:\a
2017-01-09 21:52 - 2017-01-09 21:54 - 00000000 _____ C:\Users\Primitive\AppData\Local\stxtname.txt
2017-01-09 21:52 - 2017-01-09 21:52 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-01-09 21:52 - 2017-01-09 21:52 - 00140288 _____ C:\Users\Primitive\AppData\Roaming\Installer.dat
2017-01-09 21:52 - 2017-01-09 21:52 - 00000055 _____ C:\WINDOWS\key.ini
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 ____D C:\Program Files (x86)\MaxInternet
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 ____D C:\Program Files (x86)\informs
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 _____ C:\Users\Primitive\AppData\Local\run.txt
2017-01-09 21:52 - 2017-01-09 21:52 - 00000000 _____ C:\TOSTACK
2017-01-09 21:49 - 2017-01-09 21:53 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\uTorrent
2017-01-09 21:43 - 2017-01-09 21:43 - 00010752 _____ C:\WINDOWS\omagh.exe
2017-01-09 11:23 - 2017-01-09 11:23 - 00192000 _____ C:\WINDOWS\dll.dll
2017-01-09 11:23 - 2017-01-09 11:23 - 00041202 _____ C:\WINDOWS\blasphemous.exe
2017-01-08 11:36 - 2016-11-22 06:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-01-08 11:36 - 2016-11-22 05:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-01-08 11:36 - 2016-11-22 05:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-01-08 11:36 - 2016-11-22 05:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-08 11:36 - 2016-11-22 05:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-01-08 11:36 - 2016-11-22 05:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-01-08 11:36 - 2016-11-22 05:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-01-08 11:36 - 2016-11-22 05:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-01-08 11:36 - 2016-11-22 04:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-01-08 11:36 - 2016-11-22 04:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-01-08 11:36 - 2016-11-22 04:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-01-08 11:36 - 2016-11-22 04:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-01-08 11:36 - 2016-11-22 04:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-01-08 11:36 - 2016-11-22 04:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-01-08 11:36 - 2016-11-22 04:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2017-01-08 11:36 - 2016-11-22 03:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-08 11:36 - 2016-11-22 03:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-01-08 11:36 - 2016-11-22 03:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-01-08 11:36 - 2016-11-22 03:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-01-08 11:36 - 2016-11-22 03:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-01-08 11:36 - 2016-11-22 03:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-01-08 11:36 - 2016-11-22 03:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-01-08 11:36 - 2016-11-22 03:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-08 11:36 - 2016-11-22 03:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-01-08 11:36 - 2016-11-22 03:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-01-08 11:36 - 2016-11-22 03:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-01-08 11:36 - 2016-11-22 03:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-08 11:36 - 2016-11-22 02:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-01-08 11:36 - 2016-11-22 02:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-01-08 11:36 - 2016-11-22 02:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-01-08 11:36 - 2016-11-22 02:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-01-08 11:36 - 2016-11-22 02:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-01-08 11:36 - 2016-11-22 02:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-01-08 11:36 - 2016-11-22 02:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-08 11:36 - 2016-11-22 02:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-01-08 11:36 - 2016-11-22 02:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-01-08 11:36 - 2016-11-22 02:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-08 11:36 - 2016-11-22 02:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-01-08 11:36 - 2016-11-22 01:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-01-08 11:36 - 2016-11-22 01:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-01-08 11:36 - 2016-11-22 01:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-08 11:36 - 2016-11-22 01:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-01-06 14:13 - 2017-01-06 14:13 - 02020532 _____ C:\WINDOWS\75dffb6da80dd620d53b0fc631c7fcbc.exe
2017-01-02 14:04 - 2017-01-02 14:04 - 00000000 ____D C:\Users\Primitive\Documents\My Games
2017-01-01 19:08 - 2016-12-11 13:23 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-01-01 19:05 - 2016-12-11 22:03 - 40125496 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 35222976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 34710584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 28201408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 17586992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 10353960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 08761560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 02950200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 02587704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437633.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437633.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 01038392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00974784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00942528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00894400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00643928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00470400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00388544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00347072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00172736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00153368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00150784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00131536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2017-01-01 19:05 - 2016-12-11 22:03 - 00042286 _____ C:\WINDOWS\system32\nvinfo.pb
2017-01-01 19:00 - 2017-01-13 17:21 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-01 19:00 - 2016-12-12 18:36 - 00156096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-01 19:00 - 2016-12-12 18:36 - 00123840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-01 19:00 - 2016-12-12 09:36 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2016-12-23 20:02 - 2016-12-23 20:12 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\HandBrake
2016-12-23 20:02 - 2016-12-23 20:02 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\HandBrake Team
2016-12-23 19:56 - 2016-12-23 19:56 - 00000000 ____D C:\Users\Primitive\.fontconfig
2016-12-23 19:55 - 2016-12-23 19:55 - 00005054 _____ C:\ProgramData\mudtcpaz.vzs
2016-12-23 19:55 - 2016-12-23 19:55 - 00000016 _____ C:\ProgramData\mntemp
2016-12-23 19:55 - 2016-12-23 19:55 - 00000000 ____D C:\Users\Primitive\AppData\Local\Movavi
2016-12-23 19:55 - 2016-12-23 19:55 - 00000000 ____D C:\Users\Primitive\AppData\Local\converter
2016-12-23 19:55 - 2016-12-23 19:55 - 00000000 ____D C:\ProgramData\Movavi Video Converter 17
2016-12-23 19:55 - 2016-12-23 19:55 - 00000000 ____D C:\ProgramData\Movavi
2016-12-17 19:53 - 2016-12-17 19:53 - 00000000 ____D C:\Users\Primitive\Documents\Heroes of the Storm
2016-12-16 16:59 - 2016-12-16 17:00 - 00000000 ____D C:\Users\Primitive\AppData\Local\SkypePlugin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 17:24 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2017-01-13 17:22 - 2016-10-09 14:09 - 00000000 ____D C:\Users\Primitive\AppData\Local\Spotify
2017-01-13 17:22 - 2016-04-04 15:11 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-13 17:22 - 2016-02-07 00:11 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-13 17:22 - 2016-02-07 00:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-13 17:21 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-01-13 17:18 - 2016-10-09 15:08 - 00000000 ____D C:\Users\Primitive\AppData\Local\ClassicShell
2017-01-13 17:18 - 2016-10-09 14:09 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Spotify
2017-01-13 17:17 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 17:17 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-12 19:54 - 2016-09-26 16:57 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-01-12 17:16 - 2016-02-07 00:12 - 00770738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-12 17:08 - 2016-02-07 04:03 - 00000000 ____D C:\Users\Primitive\AppData\LocalLow\Temp
2017-01-11 23:44 - 2016-02-07 01:05 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-01-11 23:44 - 2016-02-07 01:05 - 00000000 ____D C:\Program Files\paint.net
2017-01-11 22:02 - 2016-02-11 17:47 - 00000000 ____D C:\Users\Primitive\AppData\Local\CrashDumps
2017-01-11 18:44 - 2016-04-30 11:59 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\discord
2017-01-11 18:44 - 2016-04-30 11:59 - 00000000 ____D C:\Users\Primitive\AppData\Local\Discord
2017-01-10 21:27 - 2016-02-07 00:04 - 00000000 ____D C:\Users\Primitive
2017-01-10 20:55 - 2016-02-07 00:39 - 00000000 ____D C:\Program Files\WinRAR
2017-01-10 20:47 - 2016-02-07 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-10 20:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-10 20:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-10 20:13 - 2016-02-07 02:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 20:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2017-01-10 20:12 - 2016-02-07 02:38 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 20:12 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 19:32 - 2016-02-07 00:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-10 01:08 - 2015-10-30 02:18 - 00001590 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2017-01-10 01:01 - 2016-04-04 15:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-10 00:26 - 2016-04-04 15:11 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-09 23:42 - 2016-04-04 15:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-09 22:02 - 2016-02-07 00:09 - 00000000 ____D C:\Users\Primitive\AppData\Local\MicrosoftEdge
2017-01-09 21:54 - 2016-05-01 19:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-09 21:54 - 2016-04-04 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-09 21:54 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-01-09 21:49 - 2016-11-10 10:17 - 00001672 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk
2017-01-09 21:49 - 2016-02-07 00:11 - 00002291 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-01-09 18:36 - 2016-05-19 19:58 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\5kplayer
2017-01-08 21:07 - 2016-02-07 00:01 - 00355432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-08 11:36 - 2016-12-01 23:13 - 00000000 ____D C:\WINDOWS\Panther
2017-01-07 20:49 - 2016-02-09 14:31 - 00000000 ____D C:\Users\Primitive\AppData\Local\Battle.net
2017-01-07 16:38 - 2016-02-09 14:30 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-05 17:02 - 2016-02-07 00:15 - 00000000 ____D C:\Users\Primitive\AppData\Local\Roblox
2017-01-02 15:00 - 2016-02-07 00:07 - 00000000 ____D C:\Users\Primitive\AppData\Local\Packages
2017-01-02 14:24 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-02 14:23 - 2016-10-14 22:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-01 23:47 - 2016-02-07 03:59 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Mumble
2017-01-01 19:08 - 2016-10-06 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-01 19:08 - 2016-02-07 00:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-01 19:08 - 2014-08-31 13:59 - 00000000 ____D C:\Temp
2017-01-01 19:07 - 2016-04-30 15:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-01 19:00 - 2016-02-07 02:02 - 00000000 ____D C:\Users\Primitive\AppData\Local\NVIDIA Corporation
2017-01-01 19:00 - 2016-02-07 00:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-01 19:00 - 2016-02-07 00:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-31 13:36 - 2016-02-07 00:15 - 00000249 _____ C:\Users\Primitive\AppData\LocalLow\rbxcsettings.rbx
2016-12-28 20:43 - 2016-11-24 21:22 - 00000000 ____D C:\Users\Primitive\AppData\Local\Warframe
2016-12-22 17:48 - 2015-10-30 02:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 17:48 - 2015-10-30 02:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-17 22:14 - 2016-03-11 17:19 - 00536312 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-12-16 22:30 - 2016-02-07 00:04 - 00524288 ___SH C:\Users\Primitive\NTUSER.DAT{c88bea38-cd57-11e5-a678-cb494ac8b415}.TMContainer00000000000000000001.regtrans-ms
2016-12-16 22:30 - 2016-02-07 00:04 - 00065536 ___SH C:\Users\Primitive\NTUSER.DAT{c88bea38-cd57-11e5-a678-cb494ac8b415}.TM.blf
2016-12-16 16:50 - 2016-02-07 03:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-12-15 20:07 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Fonts

==================== Files in the root of some directories =======

2017-01-09 21:52 - 2017-01-09 21:52 - 0099678 _____ () C:\Users\Primitive\AppData\Roaming\booking.ico
2017-01-09 21:52 - 2017-01-09 21:52 - 0140288 _____ () C:\Users\Primitive\AppData\Roaming\Installer.dat
2016-06-01 20:22 - 2016-06-01 20:22 - 0007606 _____ () C:\Users\Primitive\AppData\Local\Resmon.ResmonCfg
2017-01-09 21:52 - 2017-01-09 21:52 - 0000000 _____ () C:\Users\Primitive\AppData\Local\run.txt
2017-01-09 21:54 - 2017-01-09 21:54 - 0000001 _____ () C:\Users\Primitive\AppData\Local\setupsuccessful.txt
2017-01-09 21:52 - 2017-01-09 21:54 - 0000000 _____ () C:\Users\Primitive\AppData\Local\stxtname.txt
2016-09-17 23:45 - 2016-09-17 23:45 - 0000184 _____ () C:\ProgramData\DP0004.dat
2016-12-23 19:55 - 2016-12-23 19:55 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-23 19:55 - 2016-12-23 19:55 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
2017-01-01 19:00 - 2017-01-13 17:22 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-01 19:00 - 2017-01-13 17:21 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Files to move or delete:
====================
C:\ProgramData\DP0004.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-09 19:00

==================== End of FRST.txt ============================
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby JustTheEngineer » January 13th, 2017, 6:27 pm

D.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by Primitive (13-01-2017 17:25:03)
Running from C:\Users\Primitive\Downloads
Windows 10 Home Version 1511 (X64) (2016-02-07 05:06:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-233390903-2661952563-451428824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-233390903-2661952563-451428824-503 - Limited - Disabled)
Guest (S-1-5-21-233390903-2661952563-451428824-501 - Limited - Disabled)
Primitive (S-1-5-21-233390903-2661952563-451428824-1001 - Administrator - Enabled) => C:\Users\Primitive

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 21.2.1 - HP Inc.) Hidden
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Clustertruck (HKLM\...\Steam App 397950) (Version: - Landfall Games)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Depth (HKLM\...\Steam App 274940) (Version: - Digital Confectioners)
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version: - Eidos Montreal)
Discord (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
Epic Games Launcher (HKLM-x32\...\{2DE76AAC-8061-4D9B-B7BA-A7CFBE0F8048}) (Version: 1.1.86.0 - Epic Games, Inc.)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
Guns of Icarus Online (HKLM\...\Steam App 209080) (Version: - Muse Games)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: - )
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
Planetary Annihilation: TITANS (HKLM\...\Steam App 386070) (Version: - Uber Entertainment)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2627 - )
ROBLOX Player for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Skype Web Plugin (HKLM-x32\...\{E8A70371-2C4D-4B12-831D-6A4BB9AC7AEF}) (Version: 7.29.0.73 - Skype Technologies S.A.)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
The Isle (HKLM\...\Steam App 376210) (Version: - The Isle Development Team)
Totally Accurate Battle Simulator Pre-Alpha (HKLM\...\Steam App 527140) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{A03A51A2-5B59-4ECE-96D1-037F7F2A0D8F}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-87cbcdfb13a344d3\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{FE0A3EA9-4DDA-4B0A-9981-5ABE8F0186CD}\InprocServer32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {30720EBD-6B23-4480-AFBE-9301DD8129A6} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {33F94D7B-F333-4652-91FA-6DEDBD484C6F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {3F39F139-E558-49F2-94D9-5443E998C7DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-10] (Google Inc.)
Task: {593081F6-0B89-44E8-A793-DBCE99D670AA} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {66E21683-3ABA-4D5F-B96A-97B64E81E6F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {7383467A-0086-47BF-9D1E-AF2040F0A486} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {7BE3CD3D-2966-494B-9D5B-EE9F43376DBD} - \NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {7BFCBED3-6172-418D-822F-D113AB470B5B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {800E8A36-B17F-4F95-A64F-A647CB2FEA69} - \NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {92D0F9B2-3C39-4259-B432-4F5395A54F00} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {98F0C1B4-71B1-47FA-B3F0-F6E691D23212} - \NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {B481EED0-482D-4E11-B005-299A4747938A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-10] (Google Inc.)
Task: {B5015F98-BD11-457C-AF42-4257BD35FEFC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-04] (Microsoft Corporation)
Task: {CC0DC334-27D4-446E-8128-6D1F9DA14A6B} - \NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {CF70B2F2-CFD9-46C0-8D96-34983E96F787} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {D8A06427-5D05-4CE1-BE41-5F3886ED06BC} - \{422AEE5F-5505-466A-BA11-DE3F57D65AA8} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:17 - 2015-10-30 02:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-08 14:14 - 2016-12-12 18:36 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 14:14 - 2016-12-12 18:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-10 21:05 - 2016-12-14 12:55 - 02259232 _____ () G:\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-02-07 00:10 - 2016-12-11 13:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-08 17:33 - 2016-10-25 04:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 17:33 - 2016-10-25 04:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 19:11 - 2016-05-19 19:11 - 00959168 _____ () C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-10-14 22:27 - 2016-12-03 22:04 - 08924872 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-18 15:14 - 2016-04-18 15:14 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-07 02:36 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 18:31 - 2016-06-30 22:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-08 17:34 - 2016-10-24 23:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 17:33 - 2016-10-24 23:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 17:34 - 2016-10-24 23:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 17:33 - 2016-10-24 23:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-12 05:51 - 2016-09-12 05:51 - 00175616 _____ () G:\Rainmeter\Plugins\AudioLevel.DLL
2016-10-08 14:14 - 2016-12-12 18:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-08 14:14 - 2016-12-12 18:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 14:14 - 2016-12-12 18:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-04-18 15:14 - 2016-04-18 15:14 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 15:14 - 2016-04-18 15:14 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-12-14 23:26 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 23:26 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 00025088 _____ () C:\Windows\SYSTEM32\GamePanelExternalHook.dll
2016-10-09 14:09 - 2016-12-21 18:10 - 51777648 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libcef.dll
2016-10-09 14:09 - 2016-12-21 18:10 - 01803888 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libglesv2.dll
2016-10-09 14:09 - 2016-12-21 18:10 - 00086128 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libegl.dll
2016-10-08 14:14 - 2016-12-12 18:33 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-08 14:14 - 2016-12-12 09:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-08 14:14 - 2016-12-12 09:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-08 14:14 - 2016-12-12 09:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-08 14:14 - 2016-12-12 09:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-08 14:14 - 2016-12-12 09:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-08 14:14 - 2016-12-12 09:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-08 14:14 - 2016-12-12 09:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-01 19:00 - 2016-12-12 09:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\google.com -> hxxps://google.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2017-01-12 17:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-233390903-2661952563-451428824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Primitive\Pictures\big_a0f1f3bcc1f601603a7746e051ce85bc5ad4239a.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{623EAC45-1598-4EEE-BD2F-C554D19FAA58}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{882D562F-D8CF-47F0-91D5-5FF20B26E4D6}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F32F6EE-7D5A-4F87-890D-C43E6E5B1D6B}] => G:\Steam\Steam.exe
FirewallRules: [{37B62C7A-6269-448C-B0F0-C5F4DD354D39}] => G:\Steam\Steam.exe
FirewallRules: [{62D0C5AA-BAC2-46E9-875E-4A481824893A}] => G:\Steam\bin\steamwebhelper.exe
FirewallRules: [{13C2835A-1846-4F6B-8DBB-D5013C3538E6}] => G:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{0DB0ECE8-19E6-4A88-938C-7A7268B91FE9}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DE87E032-962F-4070-80E1-0F26707C370F}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{3BE3CC7F-5208-4A7A-9370-F7489620C90D}] => G:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C05D3BA1-4DD2-4A84-BEA8-3190A1941055}] => G:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E12D0410-C1CD-4A84-9D2B-A549A6FE2C42}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{66C4B93B-2AA9-4B9B-8CBD-B461DFB712E2}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{3908B23D-06E8-409A-955B-5EB59B18597B}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{450E2008-E396-433A-A2C2-A8DD4DA0B3CE}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{44F09366-8258-4497-AE39-AAF7A7B95146}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{A0E6F6F2-A76C-4190-A05C-EEC139D4A3A9}] => G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{436E6A5A-63DA-466D-97E6-04584B352F1B}] => G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{AF18843B-D775-4C5B-961C-E4BE8E0D4D85}] => G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C2B76408-6377-4C86-8CA0-23DC44A17D81}] => G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DFDDC1C2-D40E-452E-BA03-AD93719A722A}] => G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [{0C7AE528-35AA-4CA9-BEEF-9273410642C4}] => G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [TCP Query User{F94CD4E5-A551-4850-AC31-08A71433FA3E}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{4CCE744F-9643-4D7F-8D50-08A1F5F83204}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{F2230469-9934-4F74-B6BB-F29B3E279064}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{E1999BC2-8EC4-468A-BC7F-0D0176ADE6A1}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [TCP Query User{50BD045B-6C86-48A8-9D48-AB6236D94929}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle.exe] => G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle.exe
FirewallRules: [UDP Query User{4E1303C0-EB98-4B48-BF1D-4B79547B8D25}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle.exe] => G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle.exe
FirewallRules: [TCP Query User{212B39BF-7C90-4A18-A2A0-49AEE8CBB838}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{73721E6F-4821-40A6-92A7-4A410A50DD18}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [{0CC94886-5F31-440B-8375-8650C49219BA}] => G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1327FD25-DABA-4F25-8721-6FF3482ABA8E}] => G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{23BC6235-E46E-443A-A509-DBB2C0214867}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7A57483F-0EDC-4AAA-8F16-7E6225D68E64}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [{8BC5D79D-ECCB-4824-9964-F2E73A249C60}] => C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{0E2B86AF-644D-43C9-9426-2B434A9EC1DA}] => C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [TCP Query User{477E4D73-E14F-4979-BA4E-463E509A435C}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [UDP Query User{1B6BC57A-E430-4B42-B2D2-6D16FA5FEBD0}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [TCP Query User{6C500A62-A08C-4EA0-96B7-7D3CCD8E02C0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [UDP Query User{45C7D1CE-847C-42D9-A580-3607B07097F0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [TCP Query User{F3520FB5-F1CC-4074-87DE-5CF415688408}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [UDP Query User{8B4AD559-39E8-4A1D-96C8-F4410E45AF2A}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [TCP Query User{826E5577-F48E-48C4-B788-4237C7C64054}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [UDP Query User{8EE5BE3A-F201-4B23-92EA-00303D2F81B9}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [TCP Query User{71689633-D477-4FA3-93C7-39DBD8D16D0B}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [UDP Query User{27419A28-CEAF-4934-9067-F9E56798A149}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [TCP Query User{6BB72CFE-E6C9-488E-AFF8-4C42BB966AD3}G:\non-steam games\hearthstone\hearthstone.exe] => G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B6347567-B904-4E85-8E5E-D12FE7AD6B69}G:\non-steam games\hearthstone\hearthstone.exe] => G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{0B7EA474-5A25-4B8A-B994-1513540C3243}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{A2A64718-D7CE-425D-8560-15ABFD84E229}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7736D49B-8E9F-4C87-855D-E2A19BCCB59C}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1B00BB64-BBE7-49F4-B690-75EF262E2C5E}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [{F11A6418-583B-4BF4-BBB3-D99BBB3B311F}] => G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{F3B40AAB-4713-4A2E-A857-1DD7013ACAAC}] => G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{1A7FB639-11ED-46E5-8932-FA17C6FC5D7E}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [UDP Query User{A5C8EBCC-699E-4F6F-BFD8-BF07593D6353}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [{2E6C0288-6D7C-4326-AEB4-EAD4FC13974A}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{38366E24-9DD0-49C6-B75F-B82810C36C0A}] => LPort=2869
FirewallRules: [{933CF27E-CDC8-46C2-8C32-54C742A26086}] => LPort=1900
FirewallRules: [TCP Query User{554E64E0-949D-48E5-A53D-1F12FD8B9D3E}G:\new folder\overwatch\overwatch.exe] => G:\new folder\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E374850A-708E-450A-8CC5-5F768F4CBE08}G:\new folder\overwatch\overwatch.exe] => G:\new folder\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7B59F884-D077-4E88-933A-49C257DDC5CB}G:\steam\steamapps\common\portal stories mel\portal2.exe] => G:\steam\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [UDP Query User{59D5B39E-1025-43EC-8E88-92C45153DA04}G:\steam\steamapps\common\portal stories mel\portal2.exe] => G:\steam\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [TCP Query User{A034A264-0945-466C-B892-5A5228B0651D}G:\5kplayer\5kplayer.exe] => G:\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{C5F98DCB-D2DA-4B11-9343-035AE2F2AB7F}G:\5kplayer\5kplayer.exe] => G:\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{1BDF9A2F-CD29-4E5E-A082-C38AF929DAE3}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [UDP Query User{7613A658-F25F-4404-8E58-F5EA70D316C2}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [{8A0F9ABD-4B7B-4B99-BBD7-A0C569DE9D3C}] => LPort=3724
FirewallRules: [{2FDD3BE2-9AE2-4E50-87D5-C75A81102691}] => LPort=80
FirewallRules: [{64B5E32C-9C1B-46CD-B0C0-AF4960C6BA50}] => LPort=3724
FirewallRules: [{0F99289A-A5F7-422C-9402-3B7926840156}] => G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{D062639C-BE7D-4157-9324-71092FA90889}] => G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{E0E46D31-D846-433F-93BB-C40904D76206}] => G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{6D25C008-C437-4F1F-BDB4-836EB6CD91C7}] => G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{63443DFF-2AB7-43C1-8214-30B975D2C89E}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5570ED2F-A868-4505-8D6F-AF68B4627C86}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{932D63EC-38F6-4AE0-9D77-51B8E11419A7}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{8B4BD4CE-9BC1-4122-84CD-E06FC899FDFD}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{A97DEDDE-8734-44C5-8468-66F39BBE8CF0}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{F5F33787-D7C4-4739-948D-4CF5489C3196}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{699B12A2-F38A-45F5-90A0-C0D6FA07048C}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{0A946021-97EC-4123-8B35-3F540E4C0B87}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{2532257F-66FE-4A7F-B558-7DEB53E91923}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{E847E4B7-F8CA-40EF-BE4E-7178535D8AFF}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{0689DDDF-B42B-4EE1-97E3-C93CB1769EC1}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{A6FE3A00-4642-44DB-A8E7-6DC7EDC91103}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{2860814A-C858-435B-93FF-CAEAF06283E5}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{B71182B9-2FF4-4350-A587-12661B101AE2}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{D7323373-425E-4712-9CAF-B9EAAA0BD3BD}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{2FC5CCF0-1EBA-4F2E-AEF2-3564E3BE2089}] => G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{8599F9E1-4132-4FCE-9E2A-134AF4221A9F}] => C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{8491AA07-3E7C-4D2C-970F-6DDD8647E6E2}] => C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{680C8538-AB76-4C9D-AA64-88528517232B}] => C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{90022BBC-7821-4A38-8499-7D4720C7F399}] => C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [TCP Query User{70314229-B02C-47BC-803D-36EAD79CB19E}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{809CF0FE-0CFC-43F4-8B08-DE1EA5404EC2}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{0A4BB1E4-2739-45A6-9B44-7574F239D6FE}G:\new folder\overwatch test\overwatch.exe] => G:\new folder\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{1EE99792-B9F5-4336-B6A4-67CDE297D939}G:\new folder\overwatch test\overwatch.exe] => G:\new folder\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{A731D180-3785-4690-B244-8E072AACA54B}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7890BBC5-C71C-45FC-90CA-F355C715C194}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [{85A541F6-343A-415C-B0CC-41F490595474}] => G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{B3306EE5-DEE6-4CDA-B7FE-EF05D863260D}] => G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{6134967A-DD57-43EE-9C37-B49E9B734E02}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{D7997AEA-89B2-4C2D-8D18-197288A3B3D6}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [TCP Query User{A3F2F9DB-7E59-4228-B86B-90275A4CECC1}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{72E3CBF9-EA97-42BF-AEBB-C409E5EAE144}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{3B8D63DA-0833-4E16-BE91-63E7C504F10C}] => G:\Steam\SteamApps\common\The Isle\TheIsle\Binaries\Win64\TheIsle_BE.exe
FirewallRules: [{DE49DA0C-1164-4AA1-9383-0BC2C72AFA7D}] => G:\Steam\SteamApps\common\The Isle\TheIsle\Binaries\Win64\TheIsle_BE.exe
FirewallRules: [{53EF9765-8F3F-4CE0-891F-6ABD0BCCF0CA}] => G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{BA877EC9-C8B6-482F-8301-28A60C63338D}] => G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{F4B04EE7-CE5B-43A7-B020-7300ED880910}] => C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [{4CD296B7-581C-4259-BACC-6CD4A284EF77}] => C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [TCP Query User{50C74FB9-13D1-4C0F-B363-2C3454C39C2F}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [UDP Query User{4E57BD46-5D4B-4445-BEAE-89D68AF55E29}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [{DE1E98E7-D7D7-4D9A-B4D2-13432A2B5137}] => G:\MHO_Setup_1.0.10.281.exe
FirewallRules: [{AA64C9C3-345B-45A6-B70C-0160C707B77D}] => C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{67205B16-3A61-4047-AD66-C2BCE10F7EBC}] => C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{DB59E90A-56E4-420D-9F34-A77FFD35A498}] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{FC74637D-B211-4EFB-AEE3-CACE48FDDBDC}] => C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{9640D995-3E8B-4B47-B24E-D1DF382E7A36}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{CEDE9F51-5B8F-4CCD-B830-73E73E7F7A8E}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{40741CA0-A58F-4341-AD44-A15FEC3B0B70}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{3A379FC4-8321-492C-AB7E-F9C97A82FA62}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [TCP Query User{01336705-8EAD-4B36-BF65-D9C44FA9FEBC}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [UDP Query User{3B9A6431-CFC2-4DC3-A89B-53215014C478}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [{B1FE646A-C2FB-45D2-A8E9-CB422DB1CCAC}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{91C7C2FF-6B69-4EE3-84A5-D879D600722F}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{CCCB8CA6-598C-4530-947B-AAB3BDF7AAE3}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{29501E58-6243-482A-991A-4846F989EE04}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{B72F9913-9157-41F6-86AA-209D85553F52}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{AD359F3F-BDBE-4180-A8BD-DD70B3A26389}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{1B669228-ECC6-4BD2-8A6F-5F16E4BB126A}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{F5F2B9C2-95EF-439B-9CF3-52C59EC8258F}] => G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{8FA1724F-947C-4FC9-9301-ADCAD47CC4DB}] => G:\Steam\SteamApps\common\TABS_ALPHA\TotallyAccurateBattleSimulator.exe
FirewallRules: [{6BF072C4-ECC9-4CBE-8325-B81AED956B94}] => G:\Steam\SteamApps\common\TABS_ALPHA\TotallyAccurateBattleSimulator.exe
FirewallRules: [{8BB566BA-8A39-4637-8D31-976C6E99F7CA}] => G:\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{B87226CC-F875-41D2-9274-8222F42F1320}] => G:\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{4EE97130-FC57-4E76-AC59-99C458FA3C80}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{5B808CD5-68F6-496E-B030-D5313FC11F38}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{9E7CC219-9CB1-4CD5-9335-EBE8533250B9}G:\non-steam games\overwatch\overwatch\overwatch.exe] => G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{239FFC90-287E-495D-AB59-7FC23145B069}G:\non-steam games\overwatch\overwatch\overwatch.exe] => G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [{58497E58-8543-4AF6-BF1A-C796522D7DA6}] => C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{47E63243-0844-48FE-9178-FAC61F31B063}] => C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{C30F45C8-7A7E-43BA-9AAA-5A0A299DA24C}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E2717E1C-8DA8-449D-A315-2559FA37A472}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{01F09A5D-56CE-4C06-B469-C085C6012A5F}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{80F297EA-BC13-4FB9-8DDF-2A331DAFCC40}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{61721D0C-C71A-426C-B802-0B547DC1B72F}] => G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{43ACBCD6-DF48-4705-9F58-0FFE049BB002}] => G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{F8CE015C-4705-49BB-9DAF-76AAF36EF185}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{395F18A2-BD53-4597-8E8F-3E6B097674BF}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{9CEF9ED1-1338-4485-8D6D-1179EC70FDA3}] => G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{B81A4465-DE02-478B-B2D9-E4AB64D227FA}] => G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{C5FEAB5F-ED17-42C6-93BF-7AB26DB81BA5}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{72E2569E-16E8-4425-88AC-00603841CFFC}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{45330A66-5327-4487-8F80-32299908671A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3C099841-F916-4F42-9021-A854C1357C97}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{9220A0FA-B81F-4D45-AC6A-044F0B6CF166}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3C4E80F4-A092-4CB6-B540-A86C8952ABEF}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B710C0C4-08D9-4145-BE07-866286CB2C00}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{5F375B40-602F-416C-BAA3-3EF955EBE04A}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [{33153EA4-8120-4115-92CE-6BF18BA639F2}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2B9A0DD5-F582-4889-9535-849B35C83F43}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{17839E54-88C3-47D1-A7A0-01D3012CED39}] => G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{72A80336-7300-4FDE-A344-9853CE2CCB18}] => G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4D705E32-6B9B-47B0-9186-E328FEC23B20}] => G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{98ED55A4-A4DA-4C4F-9BEF-37A596F6AFD4}] => G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0AAF8FD3-D5E6-47BD-AE05-B74BAB84B9F1}] => G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{4677494E-ED85-4AA0-A66D-902FBE60FB4A}] => G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{E4C68492-42B1-4604-915F-21EAAD919D23}] => G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{CFA6BAC5-80B5-47DE-BF2D-209F657C615E}] => G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{788EBD02-A83A-489C-9813-CF080BEFB30F}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{0B5233E7-8472-4AC6-8565-AD80C46D3885}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{401DF6F8-8DC1-4ACB-8AD5-ABCD9EC01CAB}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{DE649370-1ED2-4595-BCD2-B0A032E1640E}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4805A180-E9B2-49F8-AA75-0D4C081DFB89}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DAE0D35D-7DB3-41D4-9723-ED957BB53903}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{9F098143-7E37-4D90-973B-602A203A55A0}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{0B5BB3F9-0A5A-4288-82B7-2353A6C24341}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{4F1A7742-DF00-4870-B9B5-C7E64624FE46}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{51BC0EDE-9905-4195-84C8-BF8939908167}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C15FC5C7-99CF-4E5A-81C4-5A877BDBEE9D}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{601CBF0E-78FD-4E8C-8772-947FB93CC163}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{4F1CDB89-3C49-433D-86B1-2D5CC565EF99}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [{36D44B57-18D0-4CCB-857D-EAD0612ED622}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A61ED98D-9440-405A-ADB5-1EAEF2939046}] => G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6D69BDBC-C579-450C-959A-516BBF68A966}] => G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EDF74F32-C9FB-41CB-8C78-D08F9A57FDC2}] => G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F1406EE3-FB4E-40B4-BB3C-791F4B8E61EA}] => G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A5A8C7D3-2EF3-40DF-B166-6F8856341311}] => G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{039CC2A6-8753-4013-81A2-192A59E09349}] => G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{76A2E5F8-8DE7-403B-943C-444F76A881A3}] => G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8D0D9326-C7CC-49CA-B92A-2066BC8FB3B4}] => G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{05B77BB7-1039-449D-8CF0-2FE18A7D3B2B}] => G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AAD8536A-C438-4191-8919-10DAB48B0B5B}] => G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{35C23D4C-B2E7-4FEE-B85D-A3F57B11B1D2}] => G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{794435CE-BA25-4692-9EF8-FEE00FC5ABC2}] => G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{06BD6921-70BE-4F1F-9A4F-FC21D6F2519F}] => G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{838F76D9-1920-427F-94F4-5628B0920463}] => G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{8B533F19-34FF-4DCC-8EB9-45195214C599}] => G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8FA91647-E1BB-4C0A-8020-07B890998ED0}] => G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{4D3DDB90-2F38-49FA-A655-293BAACD5A1F}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{DBCE5122-0967-41F0-983B-1BB6E7E6E5B9}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{1B6E1B1F-F750-4039-B29E-8DFD3871CC57}] => G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{29450FA5-490D-4E7F-A699-162FB391860C}] => G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{F285FC3E-1572-4385-AB56-B7D21DE2B1BE}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FCB42E26-0AF2-4681-80E8-B3CFA38A5EB1}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B6E957B7-7F7D-4B16-8C4F-95446738EDEF}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [UDP Query User{854267C1-E051-42CD-8387-E8599E49DFED}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [{943EE869-C5BA-4CCA-BDDD-1DDECC84B4F1}] => G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{8292164D-ED85-4873-879C-44753138903E}] => G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{A5656CAA-E9E5-4CC3-8A79-9724545EB2FE}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1E2617A2-D5F6-4502-AEE9-D480E007CA65}] => C:\Users\Primitive\AppData\Local\ddnowyes.exe
FirewallRules: [{E9588507-2313-4762-A50D-4A9BC832F19B}] => C:\Users\Primitive\AppData\Local\15150554.exe
FirewallRules: [{1164D2F8-5ADE-4E91-AE40-363A1857F0D2}] => C:\Users\Primitive\AppData\Local\tinstall.exe
FirewallRules: [{3A395A1F-936B-4FF0-8710-ACE9917AC481}] => C:\Users\Primitive\AppData\Local\sc76258249.exe
FirewallRules: [{18A66A25-E1E5-4171-B75F-2549447C195D}] => C:\Users\Primitive\AppData\Local\ddnow.exe
FirewallRules: [{ECEEF00D-A964-4D2E-B07C-F1416D28C662}] => C:\Program Files (x86)\Hits\omagh.exe
FirewallRules: [{CDA10417-98CE-4E1B-A851-8B3AEF1EE378}] => C:\Program Files (x86)\Defects\omagh.exe
FirewallRules: [{C14106C9-8997-405B-B721-26E3FE0AEEE1}] => C:\Program Files (x86)\acidosis\popularity.exe
FirewallRules: [{46ACFB00-CC12-4F10-BBFE-ADEDCC06C7F2}] => C:\Program Files (x86)\acidosis\hijacking.exe
FirewallRules: [{05EA7D8A-7FF5-4521-B9C9-6771B65766F3}] => C:\Program Files (x86)\operant\hoosiers.exe
FirewallRules: [{8609F1BC-8209-48BF-BB46-BCE98E4C61C7}] => C:\Program Files (x86)\Ralph\demurrage.exe
FirewallRules: [{B5A97146-0EDE-49AC-AABD-AD6F8F0D22A9}] => C:\WINDOWS\cutler.exe
FirewallRules: [{D02A3C86-A7FA-4549-9C2D-96ADE4BFBB83}] => C:\Users\Primitive\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [{C72ABD92-FB33-4512-8D58-7643B959D85F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-01-2017 23:44:18 paint.net 4.0.13
12-01-2017 17:08:26 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2017 05:16:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/12/2017 05:12:21 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2017 05:08:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/11/2017 11:44:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/11/2017 11:44:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5038e1da-9a9a-428a-a8aa-1b8003d808e4}

Error: (01/11/2017 10:02:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.272.0.33831, time stamp: 0x586da80b
Faulting module name: RobloxPlayerBeta.exe, version: 0.272.0.33831, time stamp: 0x586da80b
Exception code: 0xc0000005
Fault offset: 0x0072cf11
Faulting process id: 0xe18
Faulting application start time: 0x01d26c8042d6a98f
Faulting application path: C:\Users\Primitive\AppData\Local\Roblox\Versions\version-7d9c06d298534e0c\RobloxPlayerBeta.exe
Faulting module path: C:\Users\Primitive\AppData\Local\Roblox\Versions\version-7d9c06d298534e0c\RobloxPlayerBeta.exe
Report Id: ce18d593-0858-4851-8feb-bcf3d6b8144b
Faulting package full name:
Faulting package-relative application ID:

Error: (01/11/2017 07:02:56 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/11/2017 06:49:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (01/11/2017 06:48:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/10/2017 09:34:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.


System errors:
=============
Error: (01/13/2017 05:23:22 PM) (Source: DCOM) (EventID: 10016) (User: RANY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Rany\Primitive SID (S-1-5-21-233390903-2661952563-451428824-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:23:22 PM) (Source: DCOM) (EventID: 10016) (User: RANY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Rany\Primitive SID (S-1-5-21-233390903-2661952563-451428824-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:23:21 PM) (Source: DCOM) (EventID: 10016) (User: RANY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Rany\Primitive SID (S-1-5-21-233390903-2661952563-451428824-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:23:21 PM) (Source: DCOM) (EventID: 10016) (User: RANY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Rany\Primitive SID (S-1-5-21-233390903-2661952563-451428824-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:23:21 PM) (Source: DCOM) (EventID: 10016) (User: RANY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Rany\Primitive SID (S-1-5-21-233390903-2661952563-451428824-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:23:21 PM) (Source: DCOM) (EventID: 10016) (User: RANY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Rany\Primitive SID (S-1-5-21-233390903-2661952563-451428824-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:23:21 PM) (Source: DCOM) (EventID: 10016) (User: RANY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Rany\Primitive SID (S-1-5-21-233390903-2661952563-451428824-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:23:21 PM) (Source: DCOM) (EventID: 10016) (User: RANY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Rany\Primitive SID (S-1-5-21-233390903-2661952563-451428824-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:23:21 PM) (Source: DCOM) (EventID: 10016) (User: RANY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Rany\Primitive SID (S-1-5-21-233390903-2661952563-451428824-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:23:21 PM) (Source: DCOM) (EventID: 10016) (User: RANY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Rany\Primitive SID (S-1-5-21-233390903-2661952563-451428824-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-01-11 23:42:31.566
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 20:20:45.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-09 21:55:28.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 21:07:40.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-02 14:23:36.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 18:59:40.276
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-16 18:20:33.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-11 13:25:48.806
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-11 11:25:47.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-11 11:18:35.973
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 31%
Total physical RAM: 8143.07 MB
Available physical RAM: 5598.21 MB
Total Virtual: 11471.07 MB
Available Virtual: 8757.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.01 GB) (Free:37.52 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:931.39 GB) (Free:396.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E8FD8D51)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby JustTheEngineer » January 13th, 2017, 6:28 pm

E.

Nothing I can notice. Also, ignore the V's at the end of the AdwCleaner log. Accidentally held the key down whilst posting. My bad!
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby pgmigg » January 14th, 2017, 2:36 am

Hello JustTheEngineer,

Good job! And yet we still have not finished ... :D

Step 1.
FRST Fix
  1. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  2. Please press the Windows Key + R.
  3. Type notepad.exe into the text box and click OK.
  4. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
    NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
    Task: {30720EBD-6B23-4480-AFBE-9301DD8129A6} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
    Task: {593081F6-0B89-44E8-A793-DBCE99D670AA} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
    Task: {7BE3CD3D-2966-494B-9D5B-EE9F43376DBD} - \NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
    TTask: {800E8A36-B17F-4F95-A64F-A647CB2FEA69} - \NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
    Task: {98F0C1B4-71B1-47FA-B3F0-F6E691D23212} - \NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
    ask: {CC0DC334-27D4-446E-8128-6D1F9DA14A6B} - \NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
    Task: {CF70B2F2-CFD9-46C0-8D96-34983E96F787} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
    Task: {D8A06427-5D05-4CE1-BE41-5F3886ED06BC} - \{422AEE5F-5505-466A-BA11-DE3F57D65AA8} -> No File <==== ATTENTION
    C:\ProgramData\DP0004.dat
    
    EmptyTemp:
    
  5. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  6. Right click on FRST64.exe and select Run as administrator.
  7. Press the Fix button one time only and wait.
  8. When FRST finishes you will be prompted to reboot your computer. Click OK.
  9. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 2.
ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
  1. Please go HERE then click on Scan now and save esetonlinescanner_enu.exe on your Desktop.
  2. Double-click on esetsmartinstaller_enu.exe to run it.
  3. Select the option Accept for the Terms of Use and then follow the prompt.
  4. On the next screen please check Enable detection of potentially unwanted applications.
  5. Then click on Advanced Settings and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  6. Make sure that the option Clean threats automatically is NOT checked, as well as Use custom proxy settings.
  7. Now click on Scan button.
  8. The Downloading virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  9. Do not touch either the Mouse or Keyboard during the scan otherwise it may stall.
  10. When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  11. Exit out of ESET Online Scanner.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the fixlog.txt log file
  3. Contents of the ESET.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby JustTheEngineer » January 14th, 2017, 12:46 pm

A. I sort of did have an issue with the instructions. On the ESET Online Scanner, your instructions didn't match the application I used. You said to click on the link to the List of found threats but there wasn't any URL for me to copy. Instead, my application popped up and looked like this:

http://imgur.com/a/tGode

I clicked save to text file and posted the log below. Hopefully that will suffice as it's the same program just not browser based?
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby JustTheEngineer » January 14th, 2017, 12:47 pm

B.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-01-2017
Ran by Primitive (14-01-2017 10:24:31) Run:2
Running from C:\Users\Primitive\Desktop
Loaded Profiles: Primitive (Available Profiles: Primitive)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
Task: {30720EBD-6B23-4480-AFBE-9301DD8129A6} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {593081F6-0B89-44E8-A793-DBCE99D670AA} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {7BE3CD3D-2966-494B-9D5B-EE9F43376DBD} - \NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
TTask: {800E8A36-B17F-4F95-A64F-A647CB2FEA69} - \NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {98F0C1B4-71B1-47FA-B3F0-F6E691D23212} - \NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
ask: {CC0DC334-27D4-446E-8128-6D1F9DA14A6B} - \NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {CF70B2F2-CFD9-46C0-8D96-34983E96F787} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {D8A06427-5D05-4CE1-BE41-5F3886ED06BC} - \{422AEE5F-5505-466A-BA11-DE3F57D65AA8} -> No File <==== ATTENTION
C:\ProgramData\DP0004.dat

EmptyTemp:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30720EBD-6B23-4480-AFBE-9301DD8129A6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30720EBD-6B23-4480-AFBE-9301DD8129A6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{593081F6-0B89-44E8-A793-DBCE99D670AA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{593081F6-0B89-44E8-A793-DBCE99D670AA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7BE3CD3D-2966-494B-9D5B-EE9F43376DBD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BE3CD3D-2966-494B-9D5B-EE9F43376DBD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\T{800E8A36-B17F-4F95-A64F-A647CB2FEA69} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeT\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{98F0C1B4-71B1-47FA-B3F0-F6E691D23212} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98F0C1B4-71B1-47FA-B3F0-F6E691D23212} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
ask: {CC0DC334-27D4-446E-8128-6D1F9DA14A6B} - \NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF70B2F2-CFD9-46C0-8D96-34983E96F787} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF70B2F2-CFD9-46C0-8D96-34983E96F787} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8A06427-5D05-4CE1-BE41-5F3886ED06BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8A06427-5D05-4CE1-BE41-5F3886ED06BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{422AEE5F-5505-466A-BA11-DE3F57D65AA8} => key removed successfully
C:\ProgramData\DP0004.dat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9549988 B
Java, Flash, Steam htmlcache => 29176695 B
Windows/system/drivers => 39402 B
Edge => 0 B
Chrome => 22852157 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 432 B
LocalService => 0 B
NetworkService => 0 B
Primitive => 238029459 B

RecycleBin => 0 B
EmptyTemp: => 285.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:24:42 ====
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby JustTheEngineer » January 14th, 2017, 12:49 pm

C.

C:\AdwCleaner\quarantine\files\bilzjsxmpagshrfvvgbbpzfjvwonweaq\Freshlex.exe MSIL/Toolbar.Linkury.BP potentially unwanted application
C:\FRST\Quarantine\C\Users\Primitive\AppData\Local\Temp\BrowserAir.exe.xBAD a variant of Win32/SpeedBit.AX potentially unwanted application
C:\FRST\Quarantine\C\Users\Primitive\AppData\Local\Temp\QQPCDOWNLOAD74707.EXE.xBAD a variant of Win32/Tencent.E potentially unwanted application
C:\ProgramData\KMSAutoS\bin\TunMirror.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\ProgramData\KMSAutoS\bin\TunMirror2.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\TDSSKiller_Quarantine\10.01.2017_01.29.56\susp0003\file0000\tsk0000.dta Win32/Adware.Dotdo.J application
C:\TDSSKiller_Quarantine\10.01.2017_01.29.56\uds0000\file0000\tsk0000.dta a variant of MSIL/Adware.CsdiMonetize.E application
C:\TDSSKiller_Quarantine\10.01.2017_01.29.56\uds0001\file0000\tsk0000.dta a variant of MSIL/Adware.CsdiMonetize.E application
C:\TDSSKiller_Quarantine\10.01.2017_01.29.56\uds0002\file0000\tsk0000.dta a variant of MSIL/Adware.CsdiMonetize.E application
C:\TDSSKiller_Quarantine\10.01.2017_01.29.56\uds0003\file0000\tsk0000.dta a variant of MSIL/Adware.CsdiMonetize.E application
C:\Users\All Users\KMSAutoS\bin\TunMirror.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\Users\All Users\KMSAutoS\bin\TunMirror2.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\Users\Primitive\Downloads\Shortcuts\Microsoft Toolkit.exe a variant of MSIL/HackKMS.G potentially unsafe application
C:\Windows\75dffb6da80dd620d53b0fc631c7fcbc.exe a variant of Win32/Packed.NSISmod.AE suspicious application
C:\Windows\System32\BIT6FB5.tmp a variant of Win32/SpeedBit.BG potentially unwanted application
C:\Windows\System32\BIT8DED.tmp a variant of Win32/SpeedBit.BG potentially unwanted application
G:\FileHistory\Primitive\RANY\Data\C\Users\Primitive\Downloads\Shortcuts\Microsoft Toolkit (2017_01_11 04_03_50 UTC).exe a variant of MSIL/HackKMS.G potentially unsafe application
G:\Mirror Videos\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET].rar a variant of MSIL/HackKMS.I potentially unsafe application
G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application
G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\DXHRML\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application
G:\Shortcuts\Microsoft Toolkit.exe a variant of MSIL/HackKMS.G potentially unsafe application
G:\The Ark Project\DOCUMENTS\Alienware-Windows-Theme-Pack-2.zip Win32/OpenCandy potentially unsafe application

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby JustTheEngineer » January 14th, 2017, 12:50 pm

D.

Nothing I can notice, no.

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby pgmigg » January 14th, 2017, 1:11 pm

Hello JustTheEngineer,

JustTheEngineer wrote:A. I sort of did have an issue with the instructions. On the ESET Online Scanner, your instructions didn't match the application I used. You said to click on the link to the List of found threats but there wasn't any URL for me to copy. Instead, my application popped up and looked like this:
Sorry, it was my fault :oops:, but you've done it right! :thumbleft:
From time to time application interfaces are changed and we do not always have enough time to keep track of all such changes. Thanks for letting me know, I'll change my set of steps accordingly so that others aren't inconvenienced as you were.

Step 1.
FRST Fix
  1. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  2. Please press the Windows Key + R.
  3. Type notepad.exe into the text box and click OK.
  4. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    C:\Users\Primitive\Downloads\Shortcuts\Microsoft Toolkit.exe
    C:\Windows\75dffb6da80dd620d53b0fc631c7fcbc.exe	
    C:\Windows\System32\BIT6FB5.tmp
    C:\Windows\System32\BIT8DED.tmp	
    G:\FileHistory\Primitive\RANY\Data\C\Users\Primitive\Downloads\Shortcuts\Microsoft Toolkit (2017_01_11 04_03_50 UTC).exe
    G:\Mirror Videos\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET].rar
    G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\steam_api.dll	
    G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\DXHRML\steam_api.dll
    G:\Shortcuts\Microsoft Toolkit.exe	
    
    EmptyTemp:
    
  5. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  6. Right click on FRST64.exe and select Run as administrator.
  7. Press the Fix button one time only and wait.
  8. When FRST finishes you will be prompted to reboot your computer. Click OK.
  9. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the fixlog.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby JustTheEngineer » January 14th, 2017, 5:03 pm

A.

None at all.

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby JustTheEngineer » January 14th, 2017, 5:03 pm

B.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-01-2017
Ran by Primitive (14-01-2017 15:52:25) Run:3
Running from C:\Users\Primitive\Desktop
Loaded Profiles: Primitive (Available Profiles: Primitive)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

C:\Users\Primitive\Downloads\Shortcuts\Microsoft Toolkit.exe
C:\Windows\75dffb6da80dd620d53b0fc631c7fcbc.exe
C:\Windows\System32\BIT6FB5.tmp
C:\Windows\System32\BIT8DED.tmp
G:\FileHistory\Primitive\RANY\Data\C\Users\Primitive\Downloads\Shortcuts\Microsoft Toolkit (2017_01_11 04_03_50 UTC).exe
G:\Mirror Videos\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET].rar
G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\steam_api.dll
G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\DXHRML\steam_api.dll
G:\Shortcuts\Microsoft Toolkit.exe

EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\Primitive\Downloads\Shortcuts\Microsoft Toolkit.exe => moved successfully
"C:\Windows\75dffb6da80dd620d53b0fc631c7fcbc.exe " => not found.
C:\Windows\System32\BIT6FB5.tmp => moved successfully
"C:\Windows\System32\BIT8DED.tmp " => not found.
G:\FileHistory\Primitive\RANY\Data\C\Users\Primitive\Downloads\Shortcuts\Microsoft Toolkit (2017_01_11 04_03_50 UTC).exe => moved successfully
G:\Mirror Videos\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET].rar => moved successfully
"G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\steam_api.dll " => not found.
G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\DXHRML\steam_api.dll => moved successfully
"G:\Shortcuts\Microsoft Toolkit.exe " => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6415980 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1754 B
Edge => 0 B
Chrome => 386850212 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Primitive => 6834470 B

RecycleBin => 0 B
EmptyTemp: => 381.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:52:57 ====
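The fixlog above reports four entries as "not found" (each quoted with a trailing space), and they are exactly the four lines that carry trailing whitespace in the posted fixlist; the earlier fixlog likewise shows the mistyped "TTask:" and "ask:" entries failing with "key not found" and "No automatic fix found". The following Python linter is an added example, not part of the thread or of FRST itself, that catches both mistakes before a fix is run; it only knows the directives that appear in this thread's fixlists, and its sample fixlist is constructed from lines in this thread.

```python
import difflib
import re

# Directives that appear in the fixlists quoted in this thread. This is only
# the subset seen here, not the full set FRST accepts.
KNOWN_DIRECTIVES = ("CreateRestorePoint:", "EmptyTemp:", "Task:")
PATH_RE = re.compile(r"^[A-Za-z]:\\")       # file entries such as C:\... or G:\...
REG_RE = re.compile(r"^HK(LM|CU|U|CR)\\")   # registry entries such as HKLM\...

# Constructed sample: two paths from the thread (one with a trailing tab, as in
# the posted fixlist) and the two mistyped Task: lines from the first fixlog.
SAMPLE_FIXLIST = (
    "CreateRestorePoint:\n"
    "\n"
    "C:\\Windows\\System32\\BIT6FB5.tmp\n"
    "C:\\Windows\\System32\\BIT8DED.tmp\t\n"
    "TTask: {800E8A36-B17F-4F95-A64F-A647CB2FEA69} - "
    "\\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}\n"
    "ask: {CC0DC334-27D4-446E-8128-6D1F9DA14A6B} - "
    "\\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}\n"
    "EmptyTemp:\n"
)


def lint_fixlist(text):
    """Return (line_number, problem) pairs for a fixlist.txt body.

    Flags the two mistakes this thread's fixlogs show: trailing whitespace on
    an entry (FRST then looks for 'path ' and reports "not found", so the
    file stays on disk) and a mangled directive such as 'TTask:' or 'ask:'
    (FRST reports "key not found" or "No automatic fix found").
    """
    problems = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue                      # blank separator lines are fine
        line = raw.rstrip()
        if line != raw:
            problems.append((no, "trailing whitespace: %r" % raw))
        if line.startswith(KNOWN_DIRECTIVES) or PATH_RE.match(line) or REG_RE.match(line):
            continue
        head = line.split(" ", 1)[0]
        near = difflib.get_close_matches(head, KNOWN_DIRECTIVES, n=1, cutoff=0.6)
        if near:
            problems.append((no, "unknown directive %r, did you mean %r?" % (head, near[0])))
        else:
            problems.append((no, "unrecognised entry: %r" % line))
    return problems


def strip_trailing_whitespace(text):
    """Return the fixlist with trailing whitespace removed from every line."""
    return "\n".join(l.rstrip() for l in text.splitlines()) + "\n"
```

Run `lint_fixlist` on the saved fixlist.txt before pressing Fix; on the sample it reports the trailing tab on line 4 and the two bad directives on lines 5 and 6, and `strip_trailing_whitespace` clears the first of those.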

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby JustTheEngineer » January 14th, 2017, 5:06 pm

C. No changes I can tell although I have been noticing any accounts I have on websites are getting logged out of. Is this normal?

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby pgmigg » January 14th, 2017, 11:36 pm

Hello JustTheEngineer,

JustTheEngineer wrote:C. No changes I can tell although I have been noticing any accounts I have on websites are getting logged out of. Is this normal?
Yes, it is normal. The fact is that removing temporary Internet files while you keep your browsers open simply gives such results. Usually, any action to clean up or scan a computer is accompanied by first closing all programs, including browsers.

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.
Please download delfix and save it to your Desktop.
  1. Right-click on delfix.exe and select "Run as administrator" to run it.
  2. Check the following boxes then click on Run.
    1. Activate UAC
    2. Remove disinfection tools
    3. Create registry backup
    4. Reset system settings
  3. All tools we used to clean your computer should be gone now.
  4. You can now delete any tools/logs we used if they remain on your computer.

Then:
  • Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby JustTheEngineer » January 15th, 2017, 3:08 am

Thanks so much pgmigg! Can't thank you enough!

Re: Virus Denying Internet Access (Certificate issue?)

Unread postby pgmigg » January 15th, 2017, 12:38 pm

JustTheEngineer wrote:Thanks so much pgmigg! Can't thank you enough!
You are very welcome, JustTheEngineer! :D

We are pleased we could help you resolve your computer's malware issues.
If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.

As the problems seem to be resolved, this topic is now closed.